Method and apparatus for detecting vulnerabilities of integrated or customized open source projects in software

A software vulnerability detection technology, applied in computer security devices, instruments, computing, etc., that addresses problems such as slowness, complexity and lack of efficiency, and the small number of available vulnerability detection solutions

Active Publication Date: 2019-07-05
CHINA ACADEMY OF INFORMATION & COMM

AI Technical Summary

Problems solved by technology

[0004] At present, there are few vulnerability detection schemes for integrated or customized open source projects in software, and most of them detect vulnerabilities through component version comparison: they search software files for component name and version number strings and compare them with the versions affected by a vulnerability to determine whether the vulnerability exists. However, to avoid incompatibilities caused by version update iterations, software that integrates or customizes open source projects generally only repairs the vulnerable code and does not update the component version. General detection methods or tools therefore cannot accurately determine whether the vulnerable code has been patched, so the vulnerability cannot be accurately detected. In addition, the component name and version number strings may have been removed from some software that integrates or customizes open source projects, in which case the vulnerability cannot be detected by component version comparison.

General software vulnerability detection methods, such as fuzzing, which detects software anomalies by constructing random test cases according to strategies, and code audit, in which code is read manually to find vulnerabilities in integrated and customized components, are relatively slow and complicated, and lack efficiency.

It can be seen that there is currently a lack of methods for quickly and accurately detecting the vulnerabilities of integrated or customized open source projects in software.


Examples


Embodiment Construction

[0046] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.

[0047] As shown in Figure 1, the embodiment of the present invention provides a method for detecting vulnerabilities of integrated or customized open source projects in software, including:

[0048] Step 101: Obtain original vulnerability information of the open source project from a preset collection library.

[0049] Step 102: According to the original vulnerability information of the open source project, extract the vulnerability des...


Abstract

The invention provides a method and device for detecting vulnerabilities of integrated or customized open source projects in software, and relates to the technical field of software vulnerability detection. The method includes: obtaining original vulnerability information of an open source project from a preset collection library; extracting, from the original vulnerability information, the vulnerability description information, the information on the software or component versions affected by the vulnerability, and the vulnerability detection detail feature information of the open source project; establishing a vulnerability detection database from these three kinds of information, the database comprising detection items arranged in a preset index order; extracting the code and executable files of the software to be detected; and matching the code and executable files against the detection items in the database, one after another in the preset index order, to determine whether the vulnerabilities exist in the integrated or customized open source project in the software to be detected.
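The following is an added example, not code from the patent: it contrasts the component version comparison criticized in [0004] with matching detection items in a preset index order, as the abstract describes. The form of the detection features (one "vulnerable" and one "patched" byte pattern per item), the `libdemo` component, the `VULN-A`/`VULN-B` identifiers and the file contents are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
@dataclass
class DetectionItem:
    index: int         # position in the preset index order
    description: str   # vulnerability description information
    component: str     # affected component name
    affected: tuple    # affected version strings
    vulnerable: bytes  # assumed feature: pattern left in unpatched code
    patched: bytes     # assumed feature: pattern introduced by the fix

# Constructed database; VULN-A/VULN-B and libdemo are placeholders.
DATABASE = [
    DetectionItem(2, "VULN-B: unchecked table index", "libdemo", ("2.3.0",),
                  b"return table[idx];", b"if (idx >= TABLE_LEN)"),
    DetectionItem(1, "VULN-A: unchecked copy length", "libdemo", ("2.3.0", "2.3.1"),
                  b"memcpy(buf, src, len);", b"if (len > sizeof(buf))"),
]

# Constructed inputs standing in for code extracted from the software under test.
FILES = {
    # Fix backported, version string left at an affected release.
    "vendor_a/parser.c": b"/* libdemo 2.3.1 */ if (len > sizeof(buf)) return -1; memcpy(buf, src, len);",
    # Version string stripped, code still unpatched.
    "vendor_b/parser.c": b"memcpy(buf, src, len); return table[idx];",
}

def version_comparison(blob, item):
    """Baseline: find 'component x.y.z' and compare with affected versions."""
    m = re.search(re.escape(item.component.encode()) + rb"[ /-]v?(\d+(?:\.\d+)+)", blob)
    if m is None:
        return "unknown"
    return "vulnerable" if m.group(1).decode() in item.affected else "not affected"

def feature_match(blob, item):
    """Patched pattern wins: fixed code usually still contains the old call."""
    if item.patched in blob:
        return "patched"
    return "vulnerable" if item.vulnerable in blob else "not present"

def scan(files, database):
    """Apply each detection item, in index order, to every extracted file."""
    rows = []
    for item in sorted(database, key=lambda i: i.index):
        for name, blob in files.items():
            verdict = feature_match(blob, item)
            if verdict != "not present":
                rows.append((item.index, name, version_comparison(blob, item), verdict))
    return rows
```

Each row returned by `scan(FILES, DATABASE)` is (item index, file, version-comparison verdict, feature verdict), so the two files show the two failure modes of version comparison side by side.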

Description

Technical field

[0001] The present invention relates to the technical field of software vulnerability detection, in particular to a method and device for detecting vulnerabilities of integrated or customized open source projects in software.

Background technique

[0002] Open source projects are registered as certification marks by non-profit software organizations and have been formally defined to describe software whose source code can be used by the public. The use, modification and distribution of open source projects are not subject to license restrictions. Currently, with the vigorous development of open source projects on the Internet, excellent open source software, such as Linux, OpenSSL and WebKit, has been widely integrated into other software projects or custom developed into components by them. At the same time, the number of integrated or customized open source projects in a piece of software has greatly increased. For example, the number of integrated and customized open so...


Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57
CPC G06F21/577
Inventor 倪昀泽潘娟杨正军王艳红李乔刘颖
Owner CHINA ACADEMY OF INFORMATION & COMM